ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0

SEGFAULT/11 on aarch64 #8453

Open djstarfox opened 1 week ago

djstarfox commented 1 week ago

Environment:

What happened: ntopng process crashes a few seconds after startup.

How did you reproduce it? Used dpkg to upgrade from 6.1.240317 to 6.1.240512.

Debug Information:

Jun 18 13:27:56 pie3 ntopng[150604]: 18/Jun/2024 13:27:56 [startup.lua:151] Initializing timeseries...
Jun 18 13:27:56 pie3 ntopng[150604]: 18/Jun/2024 13:27:56 [startup.lua:248] Completed startup.lua
Jun 18 13:27:56 pie3 ntopng[150604]: 18/Jun/2024 13:27:56 [FlowChecksLoader.cpp:296] WARNING: Unable to find flow check 'remote_to_local_insecure_proto': skipping it
Jun 18 13:27:56 pie3 ntopng[150604]: 18/Jun/2024 13:27:56 [FlowChecksLoader.cpp:296] WARNING: Unable to find flow check 'remote_to_local_insecure_proto': skipping it
Jun 18 13:27:56 pie3 ntopng[150604]: 18/Jun/2024 13:27:56 [NetworkInterface.cpp:3812] Started packet polling on interface 'eth1' [id: 0]...
Jun 18 13:27:56 pie3 ntopng[150604]: 18/Jun/2024 13:27:56 [NetworkInterface.cpp:3812] Started packet polling on interface 'syslog://192.168.30.13:514@udp' [id: 1]...
Jun 18 13:27:57 pie3 ntopng[150604]: 18/Jun/2024 13:27:57 [SyslogCollectorInterface.cpp:423] Collecting events on syslog://192.168.30.13:514@udp
Jun 18 13:28:22 pie3 systemd[1]: ntopng.service: Main process exited, code=killed, status=11/SEGV
Jun 18 13:28:22 pie3 systemd[1]: ntopng.service: Failed with result 'signal'.
Jun 18 13:28:22 pie3 systemd[1]: ntopng.service: Consumed 9.293s CPU time.

After turning on debug logging v=6, here is the tail of the ntopng.log file (slightly redacted):

Jun 18 14:10:36 pie3 ntopng[155289]: 18/Jun/2024 14:10:36 [LuaEngineNtop.cpp:5406] ntop_get_redis() called
Jun 18 14:10:36 pie3 ntopng[155289]: 18/Jun/2024 14:10:36 [HTTPserver.cpp:1622] [HTTP] Serving file /usr/share/ntopng/httpdocs/dist/ntopng.js
Jun 18 14:10:36 pie3 ntopng[155289]: 18/Jun/2024 14:10:36 [LuaEngine.cpp:444] ntop_lua_require(toast_ui)
Jun 18 14:10:36 pie3 ntopng[155289]: 18/Jun/2024 14:10:36 [LuaEngineInterface.cpp:1130] ntop_process_flow() called
Jun 18 14:10:36 pie3 ntopng[155289]: 18/Jun/2024 14:10:36 [ParsedFlow.cpp:239] Key 'HTTP_MIME' (string) not supported
Jun 18 14:10:36 pie3 ntopng[155289]: 18/Jun/2024 14:10:36 [AssetManagement.cpp:180] 192.168.xxx.xxx is set to 'xxxxxx' as label for server name
Jun 18 14:10:36 pie3 ntopng[155289]: 18/Jun/2024 14:10:36 [ParsedFlow.cpp:239] Key 'COMMUNITY_ID' (string) not supported
Jun 18 14:10:36 pie3 ntopng[155289]: 18/Jun/2024 14:10:36 [LuaEngine.cpp:472] [ntop_lua_require] Searching /usr/share/ntopng/scripts/lua/modules/pools/toast_ui.lua
Jun 18 14:10:36 pie3 ntopng[155289]: 18/Jun/2024 14:10:36 [ParsedFlow.cpp:281] Key 'SURICATA_FLOW_ID' (number) not supported
Jun 18 14:10:36 pie3 ntopng[155289]: 18/Jun/2024 14:10:36 [LuaEngineInterface.cpp:47] getCurrentInterface() called

MatteoBiscosi commented 1 week ago

Hi @djstarfox could you please provide your ntopng configuration file?

djstarfox commented 1 week ago

Sure, I should have posted that earlier.... Here are all the non-comments from the ntopng.conf file:

-G=/var/run/ntopng.pid
-i=eth1
-i=syslog://192.168.30.13:514@udp
-w=80
-m="169.254.0.0/16,192.168.1.0/24" #IPranges redacted
-n=0
-d=/opt/ntopng
-p=/etc/ntopng/protos.txt
-v=6

cardigliano commented 1 week ago

@djstarfox I suggest running a couple of tests, running ntopng with eth1 only, and with syslog only, to figure out which interface is leading to the segfault. After that we probably need to send you a binary with debug enabled.

djstarfox commented 1 week ago

No luck. Commenting out either (or both) interfaces results in the same crash and segfault. Even after completely purging the working directory (RRD info), it crashes with:

free(): invalid pointer
Aborted

To test from the command line:

cd /usr/share/ntopng/
/usr/bin/ntopng /etc/ntopng/ntopng.conf

djstarfox commented 1 week ago

Also, FYI, I've had to downgrade to ntopng_6.1.240428-23337 as a workaround. So, this bug came between version 6.1.240428 and 6.1.240512.

cardigliano commented 1 week ago

@djstarfox there is a new ntopng_6.1.240621-23628 package available at https://packages.ntop.org/RaspberryPI/bullseye_pi/arm64/ntopng/
It seems to be working fine in our lab, with no crash. Please check it and let us know.

djstarfox commented 1 week ago

After updating to 6.1.240621, ntopng crashes again after a minute with:

free(): invalid size
Aborted

cardigliano commented 4 days ago

@djstarfox please drop an email to cardigliano at ntop.org, I will send you a binary with debug support.

djstarfox commented 1 day ago

I'm testing the patch included with ntopng_6.1.240628-23672. Will let you know how it goes.